Firewall Wizards mailing list archives
Re: Air gap technologies
From: Aleph One <aleph1 () underground org>
Date: Thu, 25 Jan 2001 15:44:34 -0800
On Thu, Jan 25, 2001 at 04:51:37PM -0500, Elad Baron wrote:
Up to now, this group has chosen to focus mainly on the physical disconnection aspect of the technology, and this is why, in my opinion, missed the big picture. I can only repeat what I said in my original response: "***The secure transport mechanism we have is a means to achieve our goal; it is not the goal!***".
I must disagree. You must have missed our earlier messages were myself, and I believe Cripin as well, agreed that dual-host proxies as implemented by E-Gap and similar products do offer security benefits not found on standard proxy products, although someone mentioned that Secure Computing's SideWinder with its domain type enforcement technology offer similar characteristics. Our point of contention is the choice of nomenclature. We find that calling these products "air gaps" is a misuse of the term as used in the computer security field as these systems do not exhibit all the characteristics of a real security air gap, of which the most important is that the transfer of data cross an air gap is not automated. Further we argue that your choice of an actual physical switch at the transport layer does not add significant security when compared to implementations that don't use a switch, and thus hypothesize that it was choose to have an excuse to use the air gap terminology. So once again: The products are good. The terminology is wrong. The use of a physical switch is suspect. BTW, I only used RS232 as an example. The are certainly higher speed protocol that are simpler than SCSI. For example ECP at 1 MB/s or Ethernet at 10 Mb/s.
Elad Baron http://www.whalecommunications.com
-- Aleph One / aleph1 () underground org http://underground.org/ KeyID 1024/948FD6B5 Fingerprint EE C9 E8 AA CB AF 09 61 8C 39 EA 47 A8 6A B8 01 _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- RE: Air gap technologies, (continued)
- RE: Air gap technologies Elad Baron (Jan 25)
- Re: Air gap technologies Avi Rubin (Jan 25)
- RE: Air gap technologies Frank Knobbe (Jan 25)
- RE: Air gap technologies daN. (Jan 25)
- RE: Air gap technologies Elad Baron (Jan 25)
- Re: Air gap technologies David Wagner (Jan 25)
- Re: Air gap technologies Adam Shostack (Jan 26)
- Re: Air gap technologies Aleph One (Jan 25)
- Re: Air gap technologies David Wagner (Jan 25)
- RE: Air gap technologies Bill_Royds (Jan 25)
- RE: Air gap technologies Elad Baron (Jan 25)
- Re: Air gap technologies Aleph One (Jan 25)
- Re: Air gap technologies Aleph One (Jan 25)
- Re: Air gap technologies Aleph One (Jan 25)
- RE: Air gap technologies Elad Baron (Jan 25)